Knowledge base
  • Goal of knowledge base
  • Linux & core
    • Linux
      • Record SSH session for reporting
      • Compress / Decompress files
      • Colorize logs
      • Cron output & logging
      • Signal
      • Break out and escape SSH session
      • Mount volume permanently
      • Show processes most consuming CPU & MEM
      • Improve and optimize battery life on Linux
      • File ownership & groups in linux
      • Automatic security update/patch on Ubuntu
      • Clean buffers and cached on linux
      • Bash completion on Linux/Mac
    • Core services
      • Nginx reload
      • OpenVPN Split tunneling
      • Nmap commands
    • Hardware
      • CPU Architecture fundamental
  • Database
    • MySQL
      • InnoDB - innodb_file_per_table parameter
      • MySQL - enable slow query log
      • MySQL - export large tables
    • MongoDB
  • Container
    • Docker
      • ADD or COPY in Dockerfile
        • Clean data of docker completely
    • Podman
  • Automation
    • Ansible
      • Output format
  • Build & Deployment
    • Jenkins
      • Jenkins - force exit pipeline when failure
  • Language & Toolset
    • PHP
      • Composer
      • php-redis & php-igbinary
  • Mindset
    • Technical based
      • Writing well
      • Reinvent The Wheel
      • Approach a new system
      • Backup philosophy
      • Mindset for building HA and scalable system
      • GitLab database incident
    • Non-technical based
      • How to read news efficiency?
      • How long should you nap?
      • Assume good faith
  • Reference & learning source
    • Books
      • Sysadmin/SRE
      • Mindsets
      • Software fundamentals
    • English
Powered by GitBook
On this page
  • Problem & Goal:
  • Solution:
  • Reference:
  1. Linux & core
  2. Linux

Automatic security update/patch on Ubuntu

Problem & Goal:

Automatic update packages, every day, when have security patch

Solution:

  1. ubuntu ko tự upgrade cho mình

  2. muốn tự upgrade thì cài gói unattended-upgrades vào, cấu hình upgrade cái gì (kernel, sec,… )

  3. mỗi ngày system gọi thằng /etc/cron.daily/apt-compat lên làm

  4. trong thằng /etc/cron.daily/apt-compat, nó có gọi thằng /usr/lib/apt/apt.systemd.daily lên execute

  5. trong đây nó có chỗ set biến là 0 (tức là disable), đọc cái file 50unattended-upgrades lên, lấy giá trị của nó, override lại cái biến khai báo = 0 ban đầu, nếu override rồi mà vẫn = 0 thì ko chạy, còn ra =1 thì update lên

Debug by using kernel/system log: alternatives.log + unattended-upgrades + dpkg.log

Reference:

https://help.ubuntu.com/community/AutomaticSecurityUpdates

PreviousFile ownership & groups in linuxNextClean buffers and cached on linux

Last updated 6 years ago